nanog mailing list archives

Re: BCP38 Deployment

From: goemon () anime net
Date: Wed, 28 Mar 2012 10:11:07 -0700 (PDT)

On Wed, 28 Mar 2012, Bingyang LIU wrote:

the provider may not be able to protect its customers, because ingress
filtering (including uRPF) is inefficient when done near the
destination. In other words, an ISP can deploy BCP38 or whatever, but
still cannot well protect its customers from spoofing attacks from
other ASes.

The ASes which enable spoofing need to have some penalty imposed or theywill never engage in correct behavior.


Something like throwing all their traffic into scavenger class.

If their customers start complaining to them, maybe then they will shapeup.


-Dan

Current thread:

Re: BCP38 Deployment, (continued)
- - - Re: BCP38 Deployment Leo Bicknell (Mar 28)
    - Re: BCP38 Deployment Michael Thomas (Mar 28)
    - Re: BCP38 Deployment Leo Bicknell (Mar 28)
    - Re: BCP38 Deployment Valdis . Kletnieks (Mar 28)
    - Re: BCP38 Deployment David Conrad (Mar 28)
    - Re: BCP38 Deployment Leo Bicknell (Mar 28)
    - Re: BCP38 Deployment goemon (Mar 28)
    - Re: BCP38 Deployment Bingyang LIU (Mar 28)
    - Re: BCP38 Deployment Eric Brunner-Williams (Mar 28)
    - Re: BCP38 Deployment Bingyang LIU (Mar 28)
    - Re: BCP38 Deployment goemon (Mar 28)
    - Re: BCP38 Deployment Joe Provo (Mar 29)
    - Re: BCP38 Deployment Jon Lewis (Mar 29)
    - Re: BCP38 Deployment Joe Provo (Mar 29)
    - Comcast Ethernet Feed Brian R. Watters (Mar 29)
    - Re: Comcast Ethernet Feed Brielle Bruns (Mar 29)
    - Re: Comcast Ethernet Feed Jon Lewis (Mar 29)
    - Re: Comcast Ethernet Feed Brielle Bruns (Mar 29)
    - Re: Comcast Ethernet Feed Brielle Bruns (Mar 29)
    - Re: Comcast Ethernet Feed Brian R. Watters (Mar 29)
    - Re: Comcast Ethernet Feed Brielle Bruns (Mar 29)

(Thread continues...)